Scan Report
5 /100
lobster-attachment-inject
动态附件注入 — 在不修改system prompt的情况下注入动态内容。参考Claude Code的Attachment消息机制。
The skill is a documentation-only SKILL.md describing a dynamic attachment injection concept for AI agent token optimization, with no executable code, scripts, or concerning behavior.
Safe to install
No action needed. This is a pure documentation file explaining a design pattern for dynamic content injection.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | NONE | ✓ Aligned | SKILL.md describes read patterns but contains no actual code |
File Tree
1 files · 2.3 KB · 76 lines Markdown 1f · 76L
└─
SKILL.md
Markdown
Security Positives
✓ No executable scripts present — this is a documentation-only skill
✓ No network requests, credential access, or file I/O in actual code
✓ Bash snippets are simple grep/sed pipelines for metadata extraction, all benign
✓ No obfuscation, base64, or hidden functionality detected
✓ No sensitive paths (~/.ssh, ~/.aws, .env) accessed anywhere
✓ No credential harvesting or data exfiltration indicators